Re: Graceful shutdown of TLS connection for blocking sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The way to handle this situation is simply to never enter SSL_read() if there isn't anything to read on the socket.  select() or pselect() are your friends, here, because they'll tell you if there's data to read from the underlying file descriptor.

I hope this helps!

-Kyle H

On Oct 5, 2017 02:58, "mahesh gs" <mahesh116@xxxxxxxxx> wrote:
Hi All,

I have query regarding the SSL_read on blocking socket. How to come out of blocking SSL_read when we have to close the connection ?

As per the documentation SSL_read will only return if there is any data or an error occurred.

 "If the underlying BIO is blocking, SSL_read() will only return, once the read operation has been finished or an error occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur"

I am trying following methods 

method 1:

1) Thread - 1 blocks in SSL_read
2) Thread - 2 receive indication to stop the connection from application. Call SSL_Shutdown() to unblock the SSL_read in thread - 1. But this is dangerous as calling SSL_shutdown and SSL_read from different threads on same context can lead to undefined behaviour.

method 2:

1) Thread - 1 blocks in SSL_read
2) Thread - 2 receive indication to stop the connection from application. shutdown the underlying TCP socket using system command (shutdown (socket_id, SHUT_WR)) that cause the SSL_read to unblock.
3) Thread - 1 unwind and close the TCP socket (using close(socket_id)). thread -1 cannot call SSL_Shutdown since the TCP socket is shutdown by thread - 2 for write operation. As per my understanding this violates the TLS standard because of not sending out the close notify handshake.

How to ensure to come out of blocking SSL_read and initiate SSL_shutdown from same thread?

Thanks,
Mahesh G S

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux